Microsoft Dynamics CRM for Phone and Tablets cannot connect to Dynamics CRM organization due to length of TokenLifetime
This article provides a resolution for the issue that Microsoft Dynamics CRM for Phone and Tablets can't connect to Dynamics CRM organization due to length of the TokenLifetime
property.
Applies to: Microsoft Dynamics CRM 2013, Microsoft Dynamics CRM 2013 Service Pack 1
Original KB number: 3034570
Symptoms
When trying to set up a Microsoft Dynamics CRM organization in any of the Microsoft Dynamics CRM mobile client applications, authentication enters a never-ending loop in which the application seems to be trying to perform some authenticate, but does not complete.
Cause
Larger than default values for the TokenLifetime
property in AD FS for the Relying Party can cause this authentication loop.
Resolution
The recommended value of the TokenLifetime
should be set to the default value of 0, which means 600 minutes or 10 hours. Using the SSOLifetime option in the federation service instead can prevent the users from having to introduce their credentials too often in these Microsoft Dynamics CRM mobile applications. The default value of SSOLifetime is 480 minutes or 8 hours.
More information
How to change the SSO Lifetime
property of the ADFS, see Set-ADFSProperties.
How to change the TokenLifetime
property of the ADFS Relying party through PowerShell, see Claims-based authentication and security token expiration.